Microsoft's President says company supports Apple in its iPhone encryption fight with FBI

Microsoft has finally offered an official position on the current fight between Apple and the FBI over access to an encrypted iPhone used by one of the San Bernardino shooting suspects. Microsoft's president Brad Smith told members of the U.S House of Representatives Judiciary Committee that the company supports Apple and will in fact file an amicus brief supporting the company as it enters its court case against the FBI next week.

Smith was previously scheduled to appear before the Judiciary Committee on the subject of governments requesting that companies hand over data that are stored on servers outside those countries. Microsoft has been dealing with these kinds of issues for some time and currently in the middle of a criminal case in Brazil where the country's government has fined the company because Microsoft would not turn over data that was stored in the U.S.

During his testimony, Smith was asked about Microsoft's opinion on Apple's case. In stating the company's support on Apple's position, Smith said that the case is similar to the ones that Microsoft is dealing with. Smith added that the government is using laws written in 1911 to support its position, and he brought out an adding machine from that time period showing the kind of technology that was available in that year. Smith says that Microsoft does not believe the courts can resolve current technology conflicts with laws that were written and meant for a 1911 time period. He stated, "We need 21st-century laws to address 21st-century technology issues."

Reader comments

Microsoft's President says company supports Apple in its iPhone encryption fight with FBI

The FBI has already accessed the device and is making a public statement saying how hard the encryption is to Crack (when really it took the boys and girls at the NSA a long weekend to get through it). The FBI now has direct access to the algorithm and is making the case that they can't access it to prompt terrorists to keep using it and mining all that intel.

The FBI is going through the courts for show, and if they can score a legal victory out of it, forcing companies to roll over whenever the time comes that they actually can't crack the encryption. It gives them a legal leg to stand on.

It's a shame the FBI tried doing this the right way. Another exAmple of how doing things the right way only screws you over. If they can't actually hack it they should just go to Russia or China. There is no way these two countries can't hack it. Yet for some reason is Americans always think we're ahead of them. Lol

"protect the privacy of our users" c'mon people, are you really afraid of the government seeing your shopping lists, texts on where to meet your friends for dinner, or that the wife wants you to pick up pizza on the way home? If the government wants to spy on me, they're welcome to. They'll get bored REAL quick.

Best comment I read on the same topic elsewhere:
The code used to unlock the phone would need to be verifiable by both the defendant and the FBI to ensure that Apple did not "tamper" with the evidence. The methodology would have to be entered into the court exactly. And the code would need to be vetted by peer review and independent 3rd parties. The defense would be able to question in detail the methods and processes the code uses to accomplish it’s goal of brute-forcing the passcode. This testimony would be become part of the permanent public record of any trial which used this process. It has been said that "Hundreds of Law Enforcement Agencies are eagerly awaiting the outcome of this order". Apparently these LEOs want to use this process to bring criminals to justice in the courtrooms across the U.S.
Does anyone realistically expect that this process, once created, could actually remain a secret?
The order itself asks that this process be used "via the Physical Device Port, Bluetooth, Wi-fi or other protocol available". What this means is once the process is created and actually used in a court of law, the process will be available to any and all to change and / or implement in any fashion imaginable. It’d probably take only hours for hackers to mod the process to steal banking information from any iPhone from 10 feet away.
So please, before you go forming an opinion on this based upon some Polly-anna assurance that this process will only be used this one time and it will remain a secret, please consider the real-world ramifications.

I'm one of those that fully believes regardless what apple says they can get into that phone. That said, it's county property and the terrorist lost all rights the minute he started killing people. I'm all for privacy but these are extremely extenuating circumstances. Sometimes the right thing to do is also the wrong thing to do. Apple is wrong in this instance.

I'm one of those that fully believes regardless what apple says they can get into that phone. That said, it's county property and the terrorist lost all rights the minute he started killing people. I'm all for privacy but these are extremely extenuating circumstances.

I can't see why they can't implement some kind of multi-level security feature that would allow phones to be unlocked. Say something like nuclear missile launch codes. Where the phone would have to be plugged into a dock and there's two people that each have codes that reset every minute, one at Apple (or any other OEM) and one government official. You could also have the carrier have to send an OTA patch to enable the phone first. And all three have to agree that the suspect should have phone breached in this manner.

Don't get me wrong, I'm all for privacy. But I also think that there are certain crimes and situations where a person gives up that right. I mean if someone got a hold of my phone, they'd not be much they could do other than send some tweets or Facebook posts. I understand that others might have things like bank details and whatnot.

Agreed. If someone steals your phone its still private. If you do something that gives enough cause for a government to get a warrent then they should be able to look at your phone... That is how privacy works irl.

That adding machine works and is no beta, unlike some MS offerings. About Apple, as that phone is not properly encrypted and Apple holds the keys to backdoor and owner of the phone as well as court order requests Apples assistance then Apple should comply of face the consequences.

Earlier this week, Microsoft co-founder Bill Gates told Bloomberg Television he was "disappointed" by reports that he supports the U.S. government in this dispute, saying it doesn’t accurately reflect his opinion.

“That doesn’t state my view on this,” he said in an interview on “Bloomberg Go.” “The extreme view that government always gets everything, nobody supports that. Having the government be blind, people don’t support that.”

Good news right there. I say if the Feds have the phone, get on to hacking it. If Apple does it and this thing goes south, they will only point at Apple. Kaspersky already said they would hack it, give it to them. Probably nothing on it but Candy Crush Saga, facebook and pictures of his homies anyway.

Bill Gates came out and said it wasnt a back door and its not a policy the Feds are pushing for. Its just the data on the guys phone they want. And I think that can easily fall within warrent laws and rules. I dont think a phone is an exception to that.

The data isn't what's in question. It's breaking the data's encryption before it gets wiped out and becomes completely unrecoverable. According to Apple, the tool does not currently exist to decrypt the data. According to the FBI and the court order it managed to get, Apple must develop, with its own resources, time, and expense, a tool to decrypt the data. Compelling a company to do work for an FBI case when it's the FBI's responsibility is the heart at what's in question here. If a company can be compelled to actually operate as an extension of the government then the same can be applied to individuals. Imagine being forced to work for a whole month for the police just to help them solve the case. Legal slavery ended back in 1863 with the Emancipation Proclomation.

Time and resources? Yes. Expense? No. The FBI essentially sent an RFP from Apple for the cost of the work. One of the first steps in paying somebody for services rendered is determining what the costs are going to be. Apple isn't being asked to take on a charity case here.

Currently we have about %1 privacy apparently, anything on your iPhone which hasn't been sent to or received from the internet is secure, anything else can and will be accessed by the government (and possibly other hackers) whenever they want.

I believe that justice comes before our convenience, so yes it's a sad day. And the fourth amendment states that that phone is property of the courts for now. Problem is, no one follows the Constitution anymore, but that's a separate issue

This isnt about privacy. This is about Apple decrypting a phone for warrents and no one else doing that. This isnt about a back door where suddenly a government or anyone can look at your pictures on your phone.

Unencrypting something in order to deliver it, is not a part of a warrant. No more than the government could serve a warrant to force someone to translate a foreign language, the government cannot issue a warrant to force a company to develop a new technology, software, or service.

In this case this is especially egregious as the FBI doesn't intend to use this tool to really prevent crime.

Some warrants are valid whereas others are not. The judge in this matter might have ordered an invalid warrant. The data has already been turned over to the FBI. They just don't have the time or expertise to decrypt it quickly. What the warrant (cour order) is compelling Apple to do is create a tool that will decrypt the data given that Apple has declared that the tool doesn't currently exist. This then becomes a whole different issue than a warrant that demands data be provided to the FBI. This is all about compelling a company to use its resources to design hacking tools to do the bidding of the FBI. Imagine that. It's no different than the police forcing you to work for free in order to help them solve a case that they are unwilling or incapabable of figuring out for themselves. This is totally preposterous!

Do you back up to iCloud? Cause Apple has the key to iCloud data. And they push that. Why does it matter if Apple has the key or tool to decrypt the iPhone and not allow any other agency or company to get ahold of it. For this very reason. Besides, the county in which this guy worked already said Apple could do it.

And the FBI probably cant, but the government can. And they probably will if Apple doesnt do it themselves.

I wish these companies would stop trouting the "These laws are 200 years old." line when the laws they rely on to perform business are empowered through the Commerce Clause (US Constitution, Article 1, Section 8). Something that was established more than 200 years ago.

The fact that the federal government uses poor interpretation of old constitutional amendments in order to regulate business, doesn't give the federal government the right to poorly interpret decades-old laws in order to misapply them to new technologies.

Lol. It is marketing, lead by the iPhone. And the government doesnt want a backdoor, they want the phone data. Data from a phone used by a terrorist who murdered people, who didnt actually own the phone but was using the county phone, in which the county has already said Apple could get the data off and turn it over.

And in order to obtain said data you need a backdoor. If the backdoor only consist of having unlimited tries, you still need to guess the password in a brute force manner, which, depending on key-length can take a longer time.

In any case a backdoor is needed even if the backdoor is not documented in public.

What's wrong with the community, don't they understand this is a national security issue? They don't have to give the FBI the hacking tools, tkae the phone to the Apple underground vault or whatever secure facility they have, get the info, give the info to the FBI and keep the rest of your phones secure.

This is a stupid stand that I am so confident Apple is not doing on ethical grounds, but a self serving position to protect their brand. Also the hipocresy, the all against the second ammendement, so they don't mind the goverment overreach when it suuits their agenda. God forbid another attack happens on linked information held in the phone.

But Apple can't do anything either. They'd have to guess the guy's PIN code just like the FBI would, and they'd have the same 10 try limit. The FBI is asking for special software to disable that limit. There is zero chance the software version wouldn't be used in other cases and leaked to non-US Government entities that want it.

And for anyone so supportive of the FBI being able to get into anyone's smartphone, please feel free to post your email password, banking information, contact list, social media passwords, etc. online. Because that's what you want everyone else to give up.

@Tom W. : not, you are taking it too far. I am supportive of the FBI getting this info. Your argument is flawed. All people supporting FBI spoken motive, are not criminals or known terrorists, and the FBI doesn't have court orders to go after regular citizens.

The FBI and other surveillance agencies do have court orders to go after regular citizens. Have you heard of the Patriot Act, signed into law by Barrack Obama? These agencies can collect data on you if you have spoken to a person, who has spoken to a person or organization which is believed to have ties to terror, or terror-supporting organizations. You can look up how they define this, but this basically covers every US citizen.

You're missing the point. Apple would need to develop a way to break through the phone's encryption. In no way does the FBI or even the whole federal government have the statutory authority to require a company to develop anything. I'll say it again in bigger letters because I know it is a concept that is difficult to understand and accept:

In no way does the FBI or even the whole federal government have the statutory authority to force a company to develop anything

The FBI is free to offer to pay a company to develop the tools they need to break into anything they so desire. If a company accepts that offer and succeeds in building that tool then so be it. Forcing Apple to develop that tool is the same as forcing any company to develop the tool it's just that Apple is probably most qualified to develop it since they created the encrypted OS in the first place. Is there something about this overall concept that is difficult to understand? someone please tell me if there is.

"Federal government forces Apple to create the 'iCrystal Ball' to foresee any future terrorist threats... and while they're at it, they also force the automotive industry to create vehicles that produce zero emissions and get unlimited mpgs.. And force farmers to produce enough food to end world hunger....."

Its not a back door. How is it a back door? Bill Gates came out and said its not a back door and he knows a few things about this stuff. Apple already has the data I am sure, they just dont want to turn it over and are grand standing.

So let me get this straight, they can get a warrent for your house, your car, you emails, etc, etc, but they cant get a warrent and see whats on your phone?

Btw, Microsofts case with the Feds is much different than this case. It has to do with jurisdiction and where, physically, peoples data is held, etc. Apples case has nothing to do with that. They are making this about marketing, lead by the iPhone.

The government has already stated that they would give the phone to Apple and just accept the data. This means they would never see or have access to the software used to circumvent the 10 attempt protection and or encryption. If the government issues a search warrent and can give apple the device there is no reason apple should not do their requried duty and precure the data for them.

When did I say I want the FBI to have everyone's data? You're making things up. I'll Hand over my data when I have a warrant requesting it, which will never happen since I abide by the law and am not a degenerate savage daesh.

Data on one's phone or computer is no different than a file cabinet full of hand written letters and physical media. I guess Enron should have encrypted their data digitally or put it in a safe and given the US government and its citizens a great big middle finger.

thats a redundant argument, i would be very happy to hand over my data to the FBI. I dont feel there is any data in my phone that they couldnt get else where. Banking? I dont do phone banking but even if i did a court order can get them that data by other means. Contacts? Sure its all in the cloud so have at it. etc. etc. passwords? what passwords? the only password on my phone is for my office 365 meh theres not much in there to see

They are not asking Apple to share the data with the world only the FBI

To say Apple isnt secure and that once made the device would leak means you dont trust apples security as a company. And if you dont trust that then you shouldnt trust their phone either

They can get a warrant to see what's on your phone, and they did. They just don't have the ability to open it so they are forcing apple to make a tool to open it for free. This would be like the gov. Forcing a locksmith to great a tool to open a lock for then for free. Yes, I would love to see them get the info they need, but they are going about it the wrong way.

You statements are contradicting. If Apple already has the data, as you claim, there would have to be a backdoor already. Without any backdoor Apple cannot possibly access said data....because it is encrypted.

Yes, we should all trust the goverment. The FBI had reason to believe the Boston Marathon bombers were planning terror acts, and even went so far as to interview them, but didn't take action to prevent the bombing. Yet, now that this attack has already happened, they feel it's critically important that they get a look at the guilty parties' phone? Am I supposed to believe they'll use whatever they find, pictures, local data, music, to prevent the next attack? We've had multiple terror attacks carried out here, the government already collects phone calls and texts, along with ISP data. Yet they can't stop these things. How much more should we give them?

Impossible! I'm told that Microsoft is in bed with government and gives them everything! In fact they built NSA backdoors into Windows and Bitlocker! Windows 8 sends information on everything you download to the CIA!

I thought they sent keylogger info directly to the government and hackers so that better viruses could be programmed? I heard that from an "IT and Programming Expert" who suggested that Linux is a good alternative. :P

Gates however stated he sides with the FBI. This issue is complex as hell and I was on Apple's side big time until I saw the actual text of the order in which the FBI indicated it was willing to have the software be coded using the IMEI number of the phone so it cannot be used again and even indicated it was willing to surrender the phone into apples custody provided they were provided with a means of remote access to do their password guessing and obtain data. I do not know if those technical measures would be sufficient to totally avoid the possibility of this tool "leaking" into the wild but I now believe apple, rather than refusing totally to budge should focus on working together with the courts and FBI to ensure this data (which, lets not forget IS potentially important to national security) can be obtained while avoiding any possibility of other users security being compromised. Most important is ensuring this modified OS never sees the light of day outside of apple HQ and that apple themselves ALWAYS requires a valid court order based on probable cause before providing this type of assistance.

I've read the text too, and that's a terrible idea. That means all the FBI (or any third parties) would have to do in the future would be change the IMEI specified in the code, then they can break into any phone.

If Apple budges on this case, how difficult do you think it'd be to get a court to approve future requests? It'd be rubber stamped just like the surveillance court. And the government can't even keep personnel data from leaking, what chance do they have at keeping this tool safe?

As far as I understand it Apple's position is that the current mechanism by which these orders are issued (All Writs Act) is not the proper way to go about this (the privacy / slippery slope argument), and that proper legislation that explicitly regulates these kinds of cases is needed, and I agree with them on this front. I find the language they used in expressing their position to be a little misleading, however. Specifically their use of the term "backdoor" for what is being requested of them by FBI was an unneeded exaggeration IMO, they should have rather said the thing as it is, i.e. (retrospectively) weakening the security of their software. I also think they've done their case a disservice by again overstating the security risk that this new tool they are being asked to create poses to the entire iPhone user base. In particular they are being asked to create the software for just one particular phone and even if the tool were to leak, the hackers would also need to (i) have physical access to the device, and (ii) somehow overcome the fact that any modification that they make to the leaked tool (e.g. to make the tool work on any iPhone) would render the software signature invalid and thus prevent them from pushing the modified software to the phone. Besides, Apple promotes the use of their iCloud service which is completely unencrypted, why doesn't /that/ pose a threat to the iPhone user base - can't the iCloud servers be hacked as well?

hmm... i don't quiet understand why back door is the wrong term to use, isn't the FBI asking them to create a tool to open the door in to their software? weakening would imply that certain measure be taken out of their security model, which isn't what's happening. Lets be honest, the only thing that distinguish the said phone is the IMEI number (ok maybe the S/N and MAC can count as well...), so you are essentially building a tool for all phones then adding in restriction for a specific phone based on IMEI number and I can tell you that this won't work before they even begin. look at it this way, software companies have been relying on CD Keys to prevent piracy, that... didn't... work... and then there is the DRM Bluray had that got broken within a very short period of time... We're lucky not all things are that easy to break, for instance, encryption. and now the FBI wants to have a tool that undermines that? it's a double edged sword my friend, FBI needs encryption more than most of us, of course this is only for the iOS, but imagine when they extend that to all other software, they'd be ripping their own shields too

Here is the kicker...this is not about that one phone. Even with the security feature, all they had to do was power the phone down and you get ten more tries. It could have been manually broken in a few days. Someone did the math already. This is about surveillance, pure and simple.

What you describe would not have worked. It is 10 tries period.Power cycling would male no difference. Also it slows down as you go through the 10.

However, the FBI id proposing something that scares the **** out of me. Ironically if they were using bitlocker on Win 10 with Intune MDM the nut job's employer could have recovered the phone with ease.

No what gates said was mis-interpreted. He doesnt side with the FBI but rather says that there has to be some sort of balance between what the feds want and what companies can give. He simply stated how things could play out. He had to make another statement due to bad journalism